libxpm is vulnerable to Remote Code Execution (RCE). When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress them. This could allow a malicious user to execute other programs by manipulating the PATH environment variable.
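
The following is an added example, not code from libxpm or its patch: one way for a library to launch an external helper without consulting PATH, by requiring an absolute path and giving the child a fixed environment. The name `run_pinned_helper` is hypothetical, and `/bin/sh` stands in for the decompressor so the demo runs on any POSIX system.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not libxpm's API): run an external program without
   a PATH search. Returns the child's exit status, or -1 if the request is
   rejected or the child could not be run to completion. */
int run_pinned_helper(const char *abs_path, char *const argv[])
{
    /* A bare or relative name such as "gzip" would need a PATH or cwd
       lookup, which the caller's environment controls; refuse it. */
    if (abs_path == NULL || abs_path[0] != '/')
        return -1;
    /* The helper must exist and be executable at the pinned location. */
    if (access(abs_path, X_OK) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Fixed, minimal environment: the caller's PATH never reaches
           the child or anything the child spawns. */
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
        /* execve() uses the path literally; execlp()/execvp() would
           search PATH for a name that contains no slash. */
        execve(abs_path, argv, envp);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed demo input: /bin/sh stands in for the decompressor. */
    char *const pinned[] = { "sh", "-c", "exit 7", NULL };
    char *const bare[] = { "gzip", "-dc", NULL };
    int a = run_pinned_helper("/bin/sh", pinned); /* runs, status 7 */
    int b = run_pinned_helper("gzip", bare);      /* rejected, -1 */
    return (a == 7 && b == -1) ? 0 : 1;
}
```
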
Vendor | Product | Version | CPE |
---|---|---|---|
- | libxpm | edge | cpe:2.3:a:-:libxpm\:edge:3.5.13-r0:*:*:*:*:*:*:* |
- | libxpm | edge | cpe:2.3:a:-:libxpm\:edge:3.5.13-r1:*:*:*:*:*:*:* |
- | libxpm | edge | cpe:2.3:a:-:libxpm\:edge:3.5.14-r0:*:*:*:*:*:*:* |
- | libxpm | 3.14 | cpe:2.3:a:-:libxpm\:3.14:3.5.13-r0:*:*:*:*:*:*:* |
- | libxpm | 3.16 | cpe:2.3:a:-:libxpm\:3.16:3.5.13-r0:*:*:*:*:*:*:* |
- | libxpm | 3.17 | cpe:2.3:a:-:libxpm\:3.17:3.5.13-r1:*:*:*:*:*:*:* |
- | libxpm | 3.17 | cpe:2.3:a:-:libxpm\:3.17:3.5.14-r0:*:*:*:*:*:*:* |
- | libxpm | 3.15 | cpe:2.3:a:-:libxpm\:3.15:3.5.13-r0:*:*:*:*:*:*:* |
* | libxpm | 3.5.8_2.el6 | cpe:2.3:a:*:libxpm:3.5.8_2.el6:*:*:*:*:*:*:* |
* | libxpm | 3.5.12_7.el8 | cpe:2.3:a:*:libxpm:3.5.12_7.el8:*:*:*:*:*:*:* |
bugzilla.redhat.com/show_bug.cgi?id=2160213
gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff91669
gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9
lists.debian.org/debian-lts-announce/2023/06/msg00021.html
lists.x.org/archives/xorg-announce/2023-January/003312.html
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml